ARQ: User details fields mappings problem in Access Request

Similar Messages

• User details are not populating in access request

  Hello All,
  We have configured GRC 10 with LDAP and we are able to search the users in LDAP tcode(find option) and in the access request. But when i select the user and click on ok in the access request, user information is not populating to user details tab. I have followed the SAP Standard doc and configuration is fine. When i select data source as SAP system, user details are population as expected. But when i use LDAP as data source, i am having the issue. I hope this is an field mapping issue but i tried all different options but no solution i found. Kindly help me with your expert suggestions.
  Field mapping is as follows:
  LASTNAME
  SN
  FIRSTNAME
  GIVENNAME
  USERID
  SAMACCOUNTNAME
  ROLE_NAME
  NAME
  MEMBER_OF
  MEMBEROF
  EMAIL
  MAIL
  MANAGERID
  MANAGER
  Regards,
  Jai Reddy.

  I know the path, but how to check it? is it using metaverse search?
  Look at the Runs. Are they succeeding, or failing to connect?
  Remove the Bit 17 and try again.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Can we add users to the 'Manage Access Request' field to process site access request in SharePoint Online?

  Hi,
  I have a requirement in which I have to assign couple of email ids to the "Manage Access Request" field to process site access requests. And, this is possible using server object model but I have to achieve this on SharePoint Online with the help
  of CSOM.
  There are two properties which control the access request configuration, first is "RequestAccessEnabled", a Boolean flag which turns on or off the access request feature for the site. The second property defines one or more email addresses where
  requests will be sent to. It is named "RequestAccessEmail".
  The above both properties are available for server object model but not for CSOM.
  So, is there any other workaround or way to achieve the sane in CSOM?
  Thanks,

  I don't think there is a programmatic workaround for SharePoint Online.  But the email address is just used for Notification.  Anyone with Manage Permissions can approve Access Requests.  If you create an email distribution list for the multiple
  addresses that should be notified you should be able to add the email address for the distribution list into the Access request email field using the user interface.
  Paul Stork SharePoint Server MVP
  Principal Architect: Blue Chip Consulting Group
  Blog: http://dontpapanic.com/blog
  Twitter: Follow @pstork
  Please remember to mark your question as "answered" if this solves your problem.

• User Management - How to submit Additional Access Request on behalf of employee

  User Management - how can we configure "Access Requests" so that Managers can submit Additional Access Requests, or Initial Access Requests on behalf of employee?
  Have looked at "Manage Proxies" but this seems to allow access to everything - not ideal
  Please assist with knowledge and/or experience
  Many Thanks
  Me

  Additional Access Request Registration Process is complete
  Giving access to User Management to users is not an option.
  What I would like is the scenario below - is this achievable?
  When employee goes to iProcurement > Preferences > Access Requests > Request Access | they can submit an access request on behalf of themselves.
  Would like an option where a manager, navigates to same UI as above, has option to choose a subordinate, and request additional access on their behalf
  The table UMX_REG_REQUESTS has columns REQUESTED_FOR_USER_ID & REQUESTED_BY_USER_ID - so it seems they don't have to be same person (manager can submit request on behalf of an employee)
  Can this be achieved through UI for "Access Requests"?

• User defined field insertion problem in Stock Taking Report (PLD)

  We are creating one PLD for one of our customer for Stock Taking Report by modifying the existing sytem report. We will insert two user defined fields (Rack & Bin) from OITW table and link these with the warehouse code field which is at report header as there are different warehouse for the item and material is kept in different rank and bin in different warehouse. But after inserting these fields we found that repetative area becomes blank in the report.
  So please let us know how to overcome this problem.
  Thanks & with regards.
  Aloke
  Edited by: ALOKE BANDYOPADHYAY on Sep 4, 2010 4:42 PM

  Hi Aloke,
  This PLD is one of the hard coded PLD. You are not able to add UDF freely. I believe you may only add UDF from OITM table. Try you own report instead.
  Thanks,
  Gordon

• User Defined Fields & Tables Problem

  After the upgrade to B1 2007 and converting our database to 2005 compatibility as per the upgrade directions, we’re having some weird issues with our user defined fields and tables. 
  •     Our user defined fields that used to be alpha-numeric when set up in B1 are now in the database as nvarchar(MAX), even after updating the fields in the Manage User Defined Fields screen.  B1 is obviously not setting the right field information as per its interface.
  •     We’re can no longer add records to user defined tables through the B1 interface, though we can add them fine through SQL Server or an ODBC interface.  The error we are getting is
  [Microsoft][SQL Native Client][SQL Server]Conversion failed when converting the nvarchar value '-3 @PASSWORDS' to data type int. (CINF)
  .  I don’t understand where this problem is coming from because there isn’t even a data field that is an integer, so I don’t know what it’s trying to convert.

  Derek,
  I would suggest you post this question to SAP Support by creating a message.  Also search for any notes on this from https://websmp201.sap-ag.de/notes
  Suda

• ARQ: Default Role Provisioning Problem in Access Request???

  Hi,
  This Business Scenario is very common to have default role(s) assigned to a User at the back end system. So I have the same requirement. In achieving this, I followed below thread here:
  MSMP Issue - GRC 10
  I have also followed the note#1616092  for configuring the Default Roles.
  I have performed below activities:
  1. Param#2009 = YES
  2. Param#2010 = 001
  3. Param#2011 = REQUEST
  4. Param#2013 = SYSTEM
  5. Param#2038 = YES
  6. Imported a test role and NO ROLE OWNER is maintained.
  7.In NWBC->-AM->RM, I maintained a test role as a default.
  Now when I raise a request, application is successfully adding the default role to the request. However, the problem I am facing is that, one Manager approves the request, it is getting failed.
  The Audit Log says that, the STAGE is "Completed" but I could also see "No Agent Found, Cancelling path XYZ (in stage no. 002- GRAC_ROLEOWNER)
  May I know what I am missing here? Why I am getting error and how can I resolve it?
  Please advise.
  Regards,
  Faisal

  Hi Faisal,
  sorry for late resposne I was away traveling.
  default roles are being added by default to access request
  Yes, these roles are added to the access request.
  FN: OK
  and this roles are following your normal paths which I guess assumes manager and role owner.
  How such roles (not having role owner) will follow the normal path Manager->Role Owner if we are enabling routing (Rule ID: GRAC_MSMP_ROUTE_NO_ROLEOWNER) at manager stage level? Can you please help me understand this?
  FN: OK If you enable routing it will go to routing path. I have understood your post as you put in question the behavior of default roles and my point was - they act exacly the same like regular roles.
  - request is going to detour path
  Does it answer my question?
  FN: My point was default roles like all other will go to detur path (assuming you setup it globaly)
  Deafault roles can have separate path (in my case) where only supervisor is approving it.
  Instead of "GRAC_MSMP_ROUTE_NO_ROLEOWNER"  I believe we can have our own rule to have a separate path for such default roles based upon business requirement. Correct me, if required.
  FN; correct
  It was design in way that initiator rule based on role crtivality is sending this rule to separate path without role owner.
  Again, I believe you have enabled your custom rule here to achieve your business requirement instead standard rule id.
  correct
  If you do not have separate path - this role like any other will follow standard path you have.
  Here, I had used a stage called "ZNO_STAGE_PATH" for routing the system line item, which does not have any owner. I used the same path ID for "GRAC_MSMP_ROUTE_NO_ROLEOWNER"Rule ID and it is working fine as of now.
  FN: good
  My question is that, do you think if I don't use "ZNO_STAGE_PATH" as Path ID for "GRAC_MSMP_ROUTE_NO_ROLEOWNER" Rule ID, should it follow the standard Manager->Role Owner path and these default roles get approved and assigned automatically?
  FN: You should use the path ZNO_STAGE_PATH as path ID for routing rule.
  If the role does not have role owner it will not allow you the even get to Role Onwer stage - request will be detured.
  My point from the begining was - instead of using the routing rule - in our case we used separate path for default roles without role owner:) only consisted with manager stage. Again your approach is different but also will work.
  Then which Path ID should I use for "GRAC_MSMP_ROUTE_NO_ROLEOWNER" Rule ID, as it is mandatory?
  Should I use my current path for New/Change Account where at Manager level this was routed due to non availability of role owner?
  Are you asking for default roles?
  Please advise.
  Regards,
  Faisal

• ARQ: "No Provisioning log available" message in Access Request

  Hi,
  I am facing a problem wherein, a request is duly provisioned and closed. However, in email notification, I get below message:
  Hi XXX,
  The Request number : 123 , has been processed by XYZ and the Request is Closed. The details are as follows:
  No Provisioning log available
  I checked and noticed that, request is duly closed and user is either created/modified in the target system properly. I maintained variable
  %PROVISIONING% in the email body but still I am not getting the provisioning details.
  The document is active and working absolutely fine in Development system. But here I am not sure why this is not working.
  Can anybody help me determine what I am missing?
  Regards,
  Faisal

  Hi Claudio,
  Thanks for your reply.
  I am on SP#14 and it seems to be applicable and I can try this. Just before doing so, I would like to inform you that this is working in Development system (same settings) but not in QA. To the best of my knowledge, the configuration is same and no modifications have been done in QA alone.
  Still I am facing this problem. Do  you think if I implement this in Development system, the existing configurations will not be corrupted?
  Also, please see below screen I got from GRFNMW_DBMONITOR_WD tcode
  From this I can see, the value in variable "PROVISIONING"  is same as I am receiving in email notification. But not sure if why this is not getting updated. Where as in development, I could see values for this variable properly.
  Any suggestion?
  Regards,
  Faisal

• Extending user details: Label in user Profile

  Hello,
  I have followed the document "How to Extend User Details" to add custom properties to user details. However, although it is possible to add labels to the user details iView (which you can access from KM), it does not seem possible to add labels for these properties on the User Profile (which you access through Personalize->User Profile).
  I have checked <a href="https://www.sdn.sap.com/irj/sdn/thread?forumID=42&threadID=129068&messageID=1443674">this</a> post, and the answer refers to the User Details iView, not the User Profile maintenance.
  Regards,
  Martin

  Hello Anja,
  This is a nice surprise (I remember you from your visit here to SA Breweries).
  The labels display fine in the User Details iView, but in Personalise -> User Profile, only the field names show up, the way they have been defined, e.g. expertarea, as opposed to "Expert Area", just as in the screenshots in the How-To Guide. The entries save without a problem.
  In other words, the field labels show up just as you defined them in UM Configuration, but you have no ability to change them to proper descriptive texts (as you would with KM property labels).
  Regards,
  Martin

• No Approvers visible on Access Requests

  Hi Everyone
  I am currently experiencing a problem on Access Request Management, on all my request types no Approvers are visible after submission of a request. Checking the request under Instance Status it shows no Approvers, the Approvers have been assigned on the Roles for Assignment approval and Content approval and also have been created on NWBC front-end as Role Owners. On MSMP GRAC_ROLEOWNER Agent has been assign to ROLEOWNER stage and also the stage task settings maintained, On the GRC system the Role Owner/Approvers have also be created and given the proper access including SAP_GRAC_ACCESS_APPROVER role.
  I am not sure where I am going wrong on the Workflow, I have checked and verified also the settings under SPRO - Maintain Configuration Settings and Perform Task-SpecificCustomizing.
  Your assistance in this is highly appreciated
  Regards
  George

  Hi Lentobo,
  As Dilip suggested ,please ensure that role owner is set-up in NWBC. Define role owner  in , Access Control Owner hyperlink ,under Set up tab of NWBC.
  Also make sure that you have checked the checkbox "Assignemnt approver" under Owner tab of  that role.
  Thanks,
  Mamoon

• User details are missing in Access request in GRC 10.0

  Hello All,
  When we are trying to create Access request in GRC 10.0 for an user it results as user  details not found.
  Under SPRO - Maintain data source configuration we have configured 2 HR systems HR1 and HR2.
  But the User details exits in HR1 system and lies in validity also. We have tried to run the Repository Object Sync also still unable to search the details.
  But we observed even after the Sync job User details are not created in table GRACUSER and GRACUSERCONN. Is this could be the problem. Why its not updating even after the Sync job many times almost 10 times.
  We have also configured parameter 5023 to YES.Please advise.
  Thanks in advance.

  Did the sequence for HR1 set to 1 or 2, I hope you are following the suggestions given by Luciana in other thread.
  Please post your data source config screenshots otherwise.
  BR,
  Mangesh

• Making Manager field in user details tab mandatory in GRC 10

  While raising the GRC Access request, I would like to make the Manager field madatory to be filled.  What is happening now,, the requestor is raising the request without manager field filled, and its not able to find the manager as per the route and the request get cancelled.
  Is there a option to modify the field to make it mandatory by red asterik as its there for other fields in user details tab.
  Response is appreciated.

  Hi ,
  Please Navigate to IMG > Governance, Risk and Compliance >  Access Control > User Provisioning > Maintain End User Personalization.
  There are four columns of fields that can be maintained:
  -  Default value
  - Mandatory
  - Editable
  - Visible
  By Choosing YES or NO from the dropdown list under the Mandatory field, any field on the Access Request screen can be made mandatory.
  Hope this helps.
  Vikas

• I have upgraded Apple Aperture from version 2 to version 3 and I'm having a problem with the "Highlights and Shadows" adjustment. According to the user's manual, I should have access to an advanced disclosure triangle which would allow me to adjust mid co

  I have upgraded Apple Aperture from version 2 to version 3 and I'm having a problem with the "Highlights and Shadows" adjustment. According to the user's manual, I should have access to an advanced disclosure triangle which would allow me to adjust mid contrast, colour, radius, high tonal width and low tonal width.
  If anyone has any suggestions as to how to access this advanced section, I'd be most grateful.

  Hi David-
  The advanced adjustments in the Highlights & Shadows tool were combined into the "Mid Contrast" slider in Aperture 3.3 and later. If you have any images in your library that were processed in a version of Aperture before 3.3, there will be an Upgrade button in the Highlights & Shadows tool in the upper right, and the controls you asked about under the Advanced section. Clicking the Upgrade button will re-render the photo using the new version of Highlights & Shadows, and the Advanced section will be replaced with the new Mid Contrast slider. With the new version from 3.3 you probably don't need the Advanced slider, but if you want to use the older version you can download it from this page:
  http://www.apertureexpert.com/tips/2012/6/12/reclaim-the-legacy-highlights-shado ws-adjustment-in-aperture.html

• GRC 10.0 Access Request Creation- Data Source of User Details

  Hi Experts,
  I was doing GRC 10.0 Configuration and found a query which I am not able to resolve.
  While creation of any kind of Access Request in GRC through NWBC> Acces Management Tab>Access Request>Access Request Creation.
  In the user details section, I can see the HR records( like Pernr, position, manager) have been visible to some extent.
  My question is where from these details came in GRC. What configuration we should maintain to achieve these HR records?
  Hope to get a quick response as this is one of the requirement of the implementation which I am doing with my customer.
  Thanks,
  Atanu

  Alessandro,
  Thanks for your response. It helped me to know certain things.
  But when I am navigating to SPRO > GRC > Access Control > Maintain Data Sources Configuration > [User Detail Data Source], it is configured with a ECC system in target connector and User data type is maintained as "SU01".
  Now my question is where from in my case the GRC is pulling the HR records (PA20) like PERNR, POSITION,PERSONEL AREA etc? SU01 does not provide these information. My ECC box is integrated with HR module, so is it taking the data from HR directly?
  Thanks in advance!
  Atanu

• URGENT!Can I user a THIN jdbc driver to access a CLOB field from oracle 8.0.5 DB?

  URGENT!Can I user a THIN jdbc driver to access a CLOB field from oracle 8.0.5 DB?

  I think you'd need to contact Oracle support to get access to older versions of the driver.
  Since 8.0.5 isn't supported any longer, however, is it possible for you to update your Oracle client to one of the supported releases-- 8.1.7 or 9i?
  Justin